Inter-Forest Migration Steps Phase 1 : DNS, WINS & DHCP Migration

Discussion in 'Server Migration' started by Stan, Feb 1, 2005.

  1. Stan

    Stan Guest

    Inter-Forest Migration Steps Phase 1 : DNS, WINS & DHCP Migration

    Please can you point me in the right direction as I am finding difficulty
    finding exact steps to follow for DNS & DHCP migration.

    Setup :
    SiteA : Win2003 AD Forest (ForestA) , 2 AD DCs running W2003-Interim mode,
    Integrated AD/DNS Zone & DHCP service. DNS internal to siteA,
    DomainA.CountryCode, no connection to outside world or parent company

    Plan :
    Migrate SiteA services (DNS, DHCP, WINS, users, groups,etc) to parent
    company AD Forest (ForestB).
    Initial step to move DNS & DHCP to SiteA Parent company AD DC.

    Steps :
    1) Install at SiteA, a new AD DC for Parent company, DomainB. Replicate with
    other company AD DCs, W2003 AD running 2003 Native Mode. DomainB AD DC on
    same subnet as DomainA.
    Will there be any issues for NT, W2K & XP Clients as DomainB is installed on
    the same subnet ? Clients should be picking up DHCP scope for DomainA
    services, so I am not expecting any problems. Can you confirm please ?

    2) Do I need to raise 2003-Interim Level on DomainA to 2003 Native before
    migrating services ?
    3) Use DNS Forwarding on DomainA.CountryCode DNS Zone to point to
    DomainB.CountryCode ?
    4) Use DNS Forwarding on DomainB.CountryCode DNS Zone to point to
    DomainA.CountryCode ?
    5) Check DNS name resolution from remote siteB
    6) Create 2 way TRUST
    7) To migrate WINS, PULL / PUSH between DomainA & DomainB WINS Servers, then
    after successful migration stop DomainA WINS Services, also change DomainA
    DHCP to use DomainB WINS
    8) How do I migrate DHCP Service from DomainA DC to DomainB DC ?

    Sorry for asking many questions, but I want to make sure steps are correct.

    Can you point me to other MS www sites which have detailed Inter-Forest
    Migration steps documented for User, Groups, etc. migration.

    Many Thanks - Stan
     
    Stan, Feb 1, 2005
    #1

  2. Hello Stan,

    Good to hear from you.

    I would like to answer your questions in order.

    1) Install at SiteA, a new AD DC for Parent company, DomainB. Replicate
    with other company AD DCs, W2003 AD running 2003 Native Mode. DomainB AD DC
    on same subnet as DomainA. Will there be any issues for NT, W2K & XP
    Clients as DomainB is installed on the same subnet ? Clients should be
    picking up DHCP scope for DomainA services, so I am not expecting any
    problems. Can you confirm please?

    A: You just install one DC of DomainB in SiteA. It will not cause any issue.


    2) Do I need to raise 2003-Interim Level on DomainA to 2003 Native before
    migrating services?

    A: ADMT does not require the source domain to be 2003 Native. So you don't
    need to do this.
    ADMT require that the target domain should be in Windows 2000 Native mode
    or later.

    Refer to the following article for more information. Although the source
    domain is win2000, it also applies to win2003.

    How to Use Active Directory Migration Tool Version 2 to Migrate from
    Windows 2000 to Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;326480


    3) Use DNS Forwarding on DomainA.CountryCode DNS Zone to point to
    DomainB.CountryCode ?
    4) Use DNS Forwarding on DomainB.CountryCode DNS Zone to point to
    DomainA.CountryCode ?

    A: Please don't use the forwarding. We usually create secondary zones.
    You can create a secondary zone on the DomainA for the zone on the DomainB
    DNS server to replicate the information in DomainB.
    You can also create a secondary zone on the DomainB for the zone on the
    DomainA DNS server to replicate the information in DomainA.


    5) Check DNS name resolution from remote siteB

    A: It is ok.

    6) Create 2 way TRUST

    A: It is ok.

    The following articles are for your reference. Although the source domain
    is win2000, it also applies to win2003.

    To create a forest trust
    http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/x_createtrust.asp

    Planning Distributed Security
    http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/deploy/dgbe_sec_bkhy.asp


    7) To migrate WINS, PULL / PUSH between DomainA & DomainB WINS Servers,
    then after successful migration stop DomainA WINS Services, also change
    DomainA DHCP to use DomainB WINS
    8) How do I migrate DHCP Service from DomainA DC to DomainB DC ?

    A: You can migrate WINS and DHCP after the whole migration completes.
    The process is simple. You can download the whitepaper in the following
    link and refer to chapter 3 for more information. Although the source
    domain is NT, it also applies to win2003.

    Migrating from Windows NT Server 4.0 to Windows Server 2003
    http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f0-4e25-8de0-19544062a6e6&DisplayLang=en


    Can you point me to other MS www sites which have detailed Inter-Forest
    Migration steps documented for User, Groups, etc. migration.

    A: You may find the following article helpful.

    Domain Migration Cookbook
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/default.mspx

    Restructuring Active Directory Domains Between Forests
    http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbi_reer_overview.asp


    Hope this helps. If you have any further questions, don't hesitate to get
    in touch!

    Best regards,

    Frances He


    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Frances [MSFT], Feb 2, 2005
    #2

  3. Hello,

    To migrate DNS, WINS, or DHCP during the migration process is not a must;
    it depends on the real environment. However, most people will choose to
    migrate them. DNS can be replicated by AD if you use an AD-integrated zone.

    In addition, I notice that you will migrate computers first. It is not
    recommended. The Recommended Migration Order is listed below for your
    reference:
    1. Trust migration (UI Only)
    2. Service account migration
    3. Domain Global Group
    4. Domain Local Group
    5. User migration
    6. Computer migration
    7. Security translation
    8. Report

    If you have further questions, please open a new thread and we can discuss
    the issue there. In this way, we will keep the thread clean.

    Thanks for your understanding.


    Best regards,

    Frances He


     
    Frances [MSFT], Feb 3, 2005
    #3
  4. Stan

    Stan Guest

    Hi Frances, many thanks for your detailed response. I have been looking
    through all documents. Great resources !!

    Just need to clarify why for Question / Answer (4) you recommend using
    secondary zones for each Forest domain on each other's DNS server. And not use
    Conditional Forwarding. Most articles I have read, including

    http://www.wown.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

    state that this feature works well on W2003 domains.

    Please note DomainA & DomainB are in separate forests, with DDNS
    AD-Integrated zones. With your recommendation, can you create a secondary AD
    DDNS AD-Integrated Zone on a different forest DNS server which also uses AD
    DDNS ? I was under the impression you could only create a Secondary DNS Zone
    from a Primary DNS zone in the same Domain.

    Many thanks for your continued assistance !

    Kind Regards - Stan :)
     
    Stan, Feb 4, 2005
    #4
  5. Hello Stan,

    Good to see your update.

    As for the DNS zones, don't worry about that. You can create a Secondary
    DNS Zone from an AD-integrated zone in another domain.

    I would like to confirm your real situation and then explain my
    recommendation. How long will DomainA exist after the migration? Do you
    migrate DNS because there are many manually added records in the DNS server
    in DomainA?

    Generally speaking, if there are no manually added records in the DNS
    server in DomainA, you don't need to migrate DNS. Because DomainB has
    dynamic AD-integrated DNS zone, after migration to DomainB, all the
    migrated computers can be dynamically updated and contact to DNS server in
    DomainB with no difficulty.

    If this is not the case, you can use Secondary Zone to replicate the DNS
    records in DomainA. In this way, all the manually added records can be
    replicated to the DNS server in DomainB.

    To clarify, let us name the DNS server in DomainA DA, the DNS server in
    DomainB DB.

    If you choose to use conditional forwarders, when DB cannot resolve a
    computer name, it will forward the computer name to DA. If DA is down, the
    computer name can't be resolved. If you create a Secondary Zone in DB for
    the zone in DA, the DNS records are replicated to DB. When DA is offline,
    you can still resolve the computer name. Later, when you remove DomainA,
    you can simply change the secondary zone in DB to primary zone.

    Refer to the following article for more information.

    Choosing a Zone Type
    http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dnsbd_dns_nuql.asp

    In addition, I am not sure why you want to create two way DNS forwarders?
    Since DomainA will be migrated to DomainB, it will be removed at last,
    there is no need to do that.


    If you have any concern, please feel free to let me know.

    Best regards,

    Frances He


     
    Frances [MSFT], Feb 7, 2005
    #5
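
The secondary-zone setup described in the reply above, written out as an added example that is not part of the original thread or any poster's own commands. It uses `dnscmd` from the Windows Support Tools; DA, DB and DomainA.CountryCode are the thread's names, while the IP addresses and the host name `host1` are constructed placeholders. DB cannot load the zone until DA permits transfers to it, and limiting that permission to DB's address keeps the full DomainA record set from being transferable to any other host.

```batch
@echo off
rem Added example, not from the thread. DA and DB are the thread's names for
rem the DomainA and DomainB DNS servers; the IP addresses are constructed
rem placeholders (192.0.2.0/24 documentation range). Requires dnscmd.exe from
rem the Windows Support Tools, run with DNS administrator rights on both servers.
set ZONE=DomainA.CountryCode
set DA_IP=192.0.2.10
set DB_IP=192.0.2.20

rem 1. On DA: allow zone transfers to DB only, and notify DB when records change.
rem    /SecureList makes DA refuse transfer requests from any other address.
dnscmd DA /ZoneResetSecondaries %ZONE% /SecureList %DB_IP% /NotifyList %DB_IP%
if errorlevel 1 goto failed

rem 2. On DB: create the secondary zone with DA as its master server.
dnscmd DB /ZoneAdd %ZONE% /Secondary %DA_IP%
if errorlevel 1 goto failed

rem 3. Force a transfer, then confirm the zone type and master list on DB.
dnscmd DB /ZoneRefresh %ZONE%
dnscmd DB /ZoneInfo %ZONE%

rem 4. Resolve a DomainA record against DB directly, so the answer is known to
rem    come from DB's copy of the zone (host1 is a constructed name).
nslookup host1.%ZONE% %DB_IP%

rem 5. Later, once DomainA is decommissioned (run by hand, not by this script):
rem    convert the copy on DB to a primary zone. /DsPrimary makes it
rem    AD-integrated and assumes DB is a domain controller.
rem dnscmd DB /ZoneResetType %ZONE% /DsPrimary
goto :eof

:failed
echo dnscmd failed; check DNS admin rights and that DA and DB are reachable.
exit /b 1
```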
  6. Stan

    Stan Guest

    Frances, once again thanks for your input, I really appreciate it !

    Here are the answers to your questions ....

    Once Domain Services of DomainA have been migrated to DomainB, DomainA will
    be decommissioned in a matter of weeks.

    There are only a few manually created DNS entries in DA.
    The reason for knowing about Secondary DNS Vs Conditional Forwarding is to
    ensure that during migration period, devices (PCs, Server, etc) continue to
    find each other whether they be in DomainA or DomainB.

    I take your point re using Conditional Forwarders VS Secondary zones. As we
    can create a secondary zone for AD / DDNS Integrated Zones, in another
    domain then, yes I will attempt to follow this approach.

    Thanks - Stan
     
    Stan, Feb 7, 2005
    #6
  7. Hello Stan,

    You are welcome. It is my pleasure to be helpful to your work.

    According to your scenario, it is recommended to use Secondary DNS zones.
    If the number of the manually created DNS entries is small, you can also
    consider manually adding them to the DNS server in DomainB.

    If you have any concern, please feel free to let us know.


    Best regards,

    Frances He


     
    Frances [MSFT], Feb 8, 2005
    #7